Spamvertised ‘PayPal has sent you a bank transfer’ themed emails lead to Black Hole exploit kit

Sticking to their well-proven social engineering tactic of systematically rotating the abused brands, cybercriminals are currently spamvertising millions of emails impersonating PayPal, in an attempt to trick end users and corporate users into interacting with the malicious campaign.

Once the interaction takes place, users are exposed to the client-side exploits served by the Black Hole exploit kit, currently the market share leader within the cybercrime ecosystem.

More details:

Screenshot of the spamvertised email:

Upon clicking on the link, users are exposed to a bogus “Page loading…” page:

Upon successful client-side exploitation, the campaign drops a file with MD5: 05e0958ef184a27377044655d7b23cb0 on the affected hosts, detected by 28 out of 41 antivirus scanners as Trojan.Generic.KDV.679870; Trojan-Dropper.Win32.Dapato.bnej.

As we’ve already predicted, the cybercriminal or gang of cybercriminals behind these persistent and massive spam campaigns will simply continue rotating the impersonated brands in an attempt to target millions of users across multiple Web properties.